Coffeehouse Post

The following is a post from my blog. While it is not targeted strictly at developers, the lesson is universal:

Last fall I got an email from the IT department at my school informing me that I was sharing files in an XDCC chatroom. I mailed them back and told them I wasn't and that I don't use XDCC. They sent me back a message with the server that I was connected to, as well as the ports and other relevant information. I immediately went to work to diagnose the problem. A virus scan turned up nothing, as did Ad-Aware. I proceeded to download a copy of TCPview from Sysinternals. Sure enough, there was a copy of netsvc running on the port that they emailed me. As I dug into the issue I discovered a file called cfgmgmt.dll that had been added into system32. This did indeed turn out to be the culprit.
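The diagnostic step above (take the port from the network team's report, find the process that owns it, then look at what that process has loaded from system32) can be scripted. The following PowerShell is an added example, not code from the original post; it assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection, and the port number, the 30-day window and the function name Get-PortOwner are placeholders chosen here.

```powershell
# Added example (not from the original post): map a port named in an abuse report back to
# the owning process, then list modules that process loaded from System32 which are either
# recently created or not validly signed. Reading another user's process modules needs an
# elevated shell; on Windows 7 and earlier, catalog-signed OS files may report NotSigned.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)][int]$Port,   # local or remote port from the report
        [int]$NewerThanDays = 30            # flag modules created inside this window
    )
    $sys32  = Join-Path $env:SystemRoot 'System32'
    $cutoff = (Get-Date).AddDays(-$NewerThanDays)

    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port }

    foreach ($c in $conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        if (-not $proc) { continue }

        # Same information TCPview shows: endpoint, state and owning process
        [pscustomobject]@{
            Local   = "$($c.LocalAddress):$($c.LocalPort)"
            Remote  = "$($c.RemoteAddress):$($c.RemotePort)"
            State   = $c.State
            Pid     = $proc.Id
            Process = $proc.ProcessName
            Path    = $proc.Path
        } | Format-List

        # Look for anything dropped into System32 that the process is running
        foreach ($m in $proc.Modules) {
            if ($m.FileName -notlike "$sys32\*") { continue }
            $item = Get-Item -LiteralPath $m.FileName
            $sig  = Get-AuthenticodeSignature -FilePath $m.FileName
            if ($item.CreationTime -gt $cutoff -or $sig.Status -ne 'Valid') {
                "  suspicious module: $($m.FileName) created=$($item.CreationTime) signature=$($sig.Status)"
            }
        }
    }
}

# Placeholder port; substitute the one from the report
Get-PortOwner -Port 6667
```

A module that is both newly created and unsigned inside System32 is exactly the pattern described above, and it is also the write that a non-administrator account could not have performed in the first place.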

I wasted a day tracking down this issue. It wasted a huge amount of my time that I did not have to waste. The trojan had come with something that I had downloaded that was less than legit. Even so, I wanted to make sure that it never happened again. Some time before, I had bookmarked an article to read later about developing applications as a non-administrator. After this incident I sat down and read it, and implemented everything that it said.

Why did I do that? The answer is simple: if my user had not been in the administrator group, nothing would have happened. As a regular user you don't have permission to add files to system32 and settings to the registry. I would have saved a lot of time that I spent trying to hunt it down. Many viruses that exist require the user to be an administrator to be effective. If the user is not an administrator, then there are insufficient privileges for the virus to do what it wants. Obviously this does not protect against viruses that exploit a security flaw to gain elevated privileges, so a virus scanner is still needed.

Is all this security a pain? I have not found it to be. You can easily run an application or an installer as an administrator through the runas option in the Windows shell. There are plenty of guides out there on how to use your computer effectively as a non-administrator. So I implore you, DON'T RUN AS AN ADMINISTRATOR.
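Putting the advice into practice means two things: confirming that the everyday account is not an administrator, and elevating only the one installer that needs it. The PowerShell below is an added example, not from the original post; the account name MACHINE\AdminAccount, the installer path and the function name Test-IsAdmin are placeholders.

```powershell
# Added example (not from the original post): check whether this session holds administrator
# rights, and if so complain; then run a single installer under a separate admin account with
# runas, exactly as the post suggests, instead of logging in as an administrator.
function Test-IsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # True only when the current token carries the Administrators role
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Group membership of the account itself, independent of the current token
function Test-IsInAdministratorsGroup {
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $members = net localgroup Administrators
    $members -contains ($me -replace '^[^\\]+\\', '')   # compare the bare user name
}

if (Test-IsAdmin -or Test-IsInAdministratorsGroup) {
    Write-Warning "This account has administrator rights; everyday work should use a standard user."
}

# Elevate just the installer. Placeholder account and path; runas prompts for the password.
runas /user:MACHINE\AdminAccount "msiexec /i C:\Downloads\installer.msi"
```

Test-IsInAdministratorsGroup is a rough check: net localgroup output lists local members by short name only, so domain accounts or nested groups are not matched. The point is the split itself: the interactive session stays a standard user, and only the explicitly named command runs with the administrator's token.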

And if you do? I never want to hear you cry about any company's security flaws; you are just as culpable as they are.